18 Mar
The first time I encountered a rootkit was when both my laptop and desktop were infected by a virus called JambanMu. It is a virus, but it uses rootkit methods to hide itself. I felt that something was not right on both of my computers, but no matter what security software I used to scan them, it would come up with nothing. Then I accidentally found out about a tool called GMER which is able to detect and remove rootkits. The name of this tool sounds like a gaming tool, but it’s not. Actually I just wanted to take a look at how this tool works, but it ended up telling me about the rootkit that was present on my system! After a little research, I found out that it was the JambanMu virus that I had brought back from one of my workplaces.
GMER is an application that detects and removes rootkits.

It scans for:
hidden processes
hidden threads
hidden modules
hidden services
hidden files
hidden Alternate Data Streams
hidden registry keys
drivers hooking SSDT
drivers hooking IDT
drivers hooking IRP calls
inline hooks
Besides detecting and removing rootkits, you can also use it to view your computer’s processes, modules, services and files. It can also scan and list all the programs that are auto-started when Windows boots up. Another good thing about GMER is that it has a built-in registry editor, in case the rootkit or virus has enabled the registry editing restriction. On the final tab there is a CMD console where you can run command lines if the Windows command prompt has been disabled.
Like I said, GMER did detect a rootkit on my computer but wasn’t able to totally remove it, because it is a persistent virus that just kept coming back after cleaning it up. If GMER had not informed me about the rootkit’s presence on my computer, I could have been the source of infection for many other computers.
A lot of advanced trojans are able to use rootkit technology to hide their process by injecting at the kernel level, but luckily this is not often used because it is unstable and will cause the computer to crash if the injection fails. Although I personally do not worry so much about rootkit infection, it is still good to run GMER once in a while to check my computer for any suspicious hidden process. It takes only a few seconds to scan your computer. If you can’t run GMER, maybe your computer is already infected by a rootkit that stops GMER from running. Try renaming gmer.exe to another name and then run it. There are actually a lot more free and portable anti-rootkit tools; perhaps I should compile a list when I am feeling better from the bad flu that I currently have.
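Two of the checks in the scan list above, modelled offline as an added example (this is not GMER’s code; the process lists, module ranges and SSDT entries are constructed sample data). A process that the high-level enumeration omits but a lower-level one still reports is a hidden process, and an SSDT entry whose target lies outside the kernel image has been redirected to another driver, which is what "drivers hooking SSDT" means.

```python
"""Cross-view hidden process detection and SSDT hook detection, on constructed data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def hidden_processes(high_level: dict[int, str], low_level: dict[int, str]) -> dict[int, str]:
    """PIDs reported by the low-level view but missing from the high-level view."""
    return {pid: name for pid, name in low_level.items() if pid not in high_level}


def ssdt_hooks(ssdt: dict[int, int], kernel: Module, modules: list[Module]) -> dict[int, str]:
    """Map each SSDT index whose target is outside the kernel image to the module that
    owns the target address, or 'unknown' when no loaded module covers it."""
    hooks: dict[int, str] = {}
    for index, target in ssdt.items():
        if kernel.contains(target):
            continue  # normal: service handler lives inside ntoskrnl
        owner = next((m.name for m in modules if m.contains(target)), "unknown")
        hooks[index] = owner
    return hooks


# Constructed sample data; addresses and names are made up for the example.
KERNEL = Module("ntoskrnl.exe", 0x80400000, 0x00200000)
DRIVERS = [KERNEL, Module("suspicious.sys", 0xF9890000, 0x00010000)]
HIGH_VIEW = {4: "System", 620: "explorer.exe", 1400: "firefox.exe"}
LOW_VIEW = {4: "System", 620: "explorer.exe", 1400: "firefox.exe", 1776: "svch0st.exe"}
SSDT = {0x25: 0x80412340, 0x42: 0xF9892AB0, 0x91: 0x8050A000, 0xAD: 0x7C801230}

if __name__ == "__main__":
    for pid, name in hidden_processes(HIGH_VIEW, LOW_VIEW).items():
        print(f"hidden process {pid} {name}")
    for index, owner in ssdt_hooks(SSDT, KERNEL, DRIVERS).items():
        print(f"SSDT[{index:#x}] points into {owner}")
```

A real scanner obtains the two process views and the table contents from the kernel; the comparison logic is the same.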
[ Download GMER ]
32 Responses for "GMER is a Powerful Rootkit Detector and Remover"
Useless!
It simply finds hundred threats.
Every Symantec module, SpySweeper etc….
Raymond,
Nice tool! May I give a suggestion? Panda Antirootkit is a good tool too. It is quite hard to find, but I happen to have it.
PS. get well soon.
Hope your flu gets cured and you post the rootkit detection software
It’s an interesting program… when downloading it as an EXE, it also randomly generates a name (probably to prevent viruses/rootkits from blocking the file)… but the application doesn’t seem very user-friendly.
After doing a full scan of both my hard drives, I can’t tell what the heck it’s trying to tell me. Bunch of listings of MSN Messenger, another majority of Thunderbird, and then a bunch of drivers/registries that give me values such as 0xF9 0x89 0xD0 0xAf…
Interesting program overall. I can tell it searches your computer for potential rootkits and such… I just wish it made more sense!
Kaspersky thinks it’s a downloader but it’s not, it found one or two things because I do processes every day so I’m glad it found two little things
Good Software
thanks raymond for the information given.I will try it out.
thanks raymond for the information given.
I’m afraid there are rootkits in my laptop.
Forgot to mention that this tool is not for the average computer users. It will list all hidden modules by default and the suspicious ones will be in red.
I have used this for a while and recommend it too. Although it is definitely a bit much and over complicated to the less technical minded folks who would be best to leave it and choose something with more user friendliness.
I have successfully used this to remove rootkits from some PCs I fixed and, I should add that other programs had failed to find the infection. Only nod32 alerted the users to any virus in the first place but then it would do nothing at all about it as it couldn’t.
I think everyone should have a selection of rootkit utilities like this as a stand y on a USB stick which is what I do. Keep updating them too of course!
Raymond, that is a great idea to do a post on rootkit tools so that you might help people to use a more well suited utility for them to easier understand.
Great to see a post about gmer though!
Cheers.
good one really
This thing scanned a lot, the list that’s shown under the tab “Rootkit/Malware” is the Rootkits/Malware right? Nice software.
Get well as fast as you can
Get well soon…!!!
I don’t know what happened here, but I started the scan, and the program stopped working. I closed the program and started it again, and got the BSOD. Not sure if this is compatible with Vista? I am going to run in XP compatibility mode and see if that makes a difference.
Nice little app, thank you. It’s better to download the zip-archive and save it. This is a piece of software which makes one think about the difference between malware and ‘malware’…shall I think of Outpost firewall drivers as rootkits or shall I consider GMER as malware as it wants to load kernel-mode drivers???
As Sam says, Kaspersky thinks it is downloading a driver. Gmer, on the other hand, detects system files from Kaspersky Lab and AVG as rootkit/malware? I’m confused here. Any enlightenment? thanks
get well soon Ray
Crashed on first running after about 5 minutes of scanning. The usual dialog …. {name} has stopped running. Do you want to tell Microsoft…..
Reran it, and my computer BlueScreened saying that some table was corrupted.
Not a very friendly tool.
OFF TOPIC:
Is There Any AVIRA TRIAL RESET FOR THE NEW AVIRA V9, Anti-Virus?!?!?
The Versial V1.0 Used in Avira 8 Does Not work on it…
I thought my computer was Grand Central Station for all Malware etc after running this program. AND then you said the sentence I was looking for:
“It will list all hidden modules by default and the suspicious ones will be in red.”
Whew – no red. All black against white. Boy, what a scare that was.
Get well soon and thanks
Thanx again for this piece of help…and I hope you get better soon.
I have heard that the antirootkit detection of the Avast antivirus program is based on Gmer technology. Is that true?
hey raymond the tool is useful but if you say how to remove them it will be very useful
Unhack me is the best rootkit detector
Get Well Soon…
I ought to warn you people, but you can get yourself into a troubling situation with this tool as happened to me a while ago when I first used it and didn’t understand it. If you go into the settings/options and you tick all or most of them you will be enabling the tool to ask you to verify processes as they are started or as they are started via another process. This is a great thing which really amounts to real time rootkit discovery and protection but…!
The trouble I speak of is this:
I enabled all of these and then I rebooted. Upon restart, just in between the login screen and the desktop appearing I heard a beep and the gmer verification dialogue appeared asking me to allow or disallow some service or other (I don’t recall but it was a normal windows service), I OK’d this and then nothing but a black screen. You know how you can see a black screen just before going to desktop?
Well I eventually worked out what was happening as the PC just stopped at that every time. I tried rebooting so many times and even tried disallowing the service, telling it to ignore it, nothing changed the result. I got a frozen PC just before the desktop.
Eventually I booted into safemode and managed to disable gmer from running at startup, I think, via the registry.
It seems it was trying to ask me to allow something else that started running just at that exact moment when the desktop had almost appeared, so somehow that stopped the Gmer dialogue from showing on screen and thus rendered any keyboard presses useless!
Someone who is less versed in the ways of their PC should definitely be warned and please don’t mess around with the settings you do not understand as it is a danger!!
If you do find yourself in a situation after using gmer (with options changed from default), go into safemode and disable all startup related to the program. If that fails then boot up with a disk like Barts PE environment (google it and make yourself one, it is a lifesaver!) and then you can go and change the situation to stop gmer running or even remove the gmer exe file altogether!
Just be careful is all.
By the way, with the default settings it is totally safe from this kind of thing and I recommend you run it now and then just to see if you get any ‘red’ entries coming up. If you do, do not delete the files, but go to a forum or here and ask people what those files are!!
Good luck.
Thanks Ray!!!
This program is more user-friendly than anti-rootkit from sysinternals. However… we have to say… U R a Good Man Ray!!! U’ve spent UR time to searching, testing, and tell us about the best way to solve our problems.
I am using KIS2009, when I run GMER, the antivirus says it’s a suspicious virus.
Sudeep! You need to educate yourself about such things as ‘False Positives’. These are very common and it is worth your while learning what it means. Then you would not have posted about the virus scanner.
Programs that can change system settings and embed themselves deep into the operating system are often using the same techniques as many viruses would use. but they are using the techniques in a good way.
Virus scanners are just not very good at recognising when it is being done for good or evil! What I mean is, most scanners will shout VIRUS when it is not, and then it is down to you to research the program you are trying to use and decide for yourself if it is a virus or the scanner is just being over cautious.
I can guarantee you, in this particular case, the virus scanner is wrong.
PERSONALLY AT FIRST I FIND THIS TOOL A BIT AWKWARD AND THEN YOU NEED TO LEARN ABOUT THE FALSE POSITIVES AND I AGREE IT IS FOR EXPERIENCED USERS
You can also try SysProt anti rootkit software, from here:
http://sites.google.com/site/sysprotantirootkit/Home/SysProt.zip
Sounds like this might be a good idea to add to the Toolkit
TRY FSECURE BLACKLIGHT It is user friendly and good